Skip to content

Port 5900: VNC Remote Desktop

Key idea:

Port 5900 (TCP) is the standard for VNC Remote Desktop. Port 5900 — default for VNC (Virtual Network Computing). 5901-5905 for displays :1-:5. VNC protocol has no TLS encryption by default, password is limited to 8 bytes (DES). Shodan

Below: what uses this port, security considerations, online check, FAQ.

Check your host & ports →

What runs on this port

VNC Remote Desktop

Port 5900 — default for VNC (Virtual Network Computing). 5901-5905 for displays :1-:5. VNC protocol has no TLS encryption by default, password is limited to 8 bytes (DES). Shodan finds millions of open VNC instances without auth.

Security considerations

VNC exposed on the internet = full desktop takeover. Always SSH tunnel (ssh -L 5900:localhost:5900 user@host). TigerVNC/RealVNC 6+ support TLS, but it is simpler to use Apache Guacamole or NoMachine with native auth.

Check this port online

Check port online →

Enterno.io Ping + Port checker tests TCP reachability of any port from 3 regions (Moscow / Frankfurt / Virginia).

Understanding VNC Remote Desktop Connections

Port 5900 (TCP) serves as the default communication channel for VNC (Virtual Network Computing) remote desktop connections. VNC is a graphical desktop-sharing system that allows users to remotely control another computer over a network. This protocol operates on a client-server model, where the VNC server runs on the host machine and the VNC client connects to it.

When a VNC client connects to a server on port 5900, it can access the server's desktop environment, enabling users to interact with the system as if they were physically present. The VNC protocol utilizes a series of display numbers to distinguish different sessions, with ports 5901 to 5905 corresponding to display numbers :1 to :5, respectively.

Given its wide adoption, VNC can be found in various applications, including remote technical support, remote access to desktop environments, and collaborative work sessions. However, it's crucial to understand the security implications of using VNC, particularly due to the protocol's lack of encryption by default.

  • Common VNC Implementations: TightVNC, UltraVNC, RealVNC
  • Cross-Platform Compatibility: VNC clients are available for Windows, macOS, Linux, and mobile platforms.

Security Considerations for Port 5900

While port 5900 facilitates convenient remote access through VNC, it also presents significant security risks. By default, the VNC protocol does not implement TLS encryption, leaving data transmitted over the connection susceptible to interception. Additionally, VNC passwords are limited to 8 bytes and are hashed using DES encryption, which is no longer considered secure.

To mitigate these risks, consider the following security practices:

  • Use SSH Tunneling: Establish an SSH tunnel to encrypt the VNC traffic. This can be achieved with the command:
ssh -L 5900:localhost:5900 user@remote_host
  • Implement Firewall Rules: Restrict access to port 5900 only from trusted IP addresses. For example, using iptables:
iptables -A INPUT -p tcp -s --dport 5900 -j ACCEPT
  • Change Default Port: Alter the VNC server configuration to use a non-standard port to reduce the likelihood of automated attacks.

Regularly update VNC software to patch known vulnerabilities and consider using a VNC implementation that supports more robust authentication and encryption mechanisms.

Practical Examples of Configuring VNC on Port 5900

Configuring a VNC server to operate on port 5900 involves a few steps, depending on the operating system and VNC software in use. Below are practical examples for setting up a VNC server on both Linux and Windows.

Linux Configuration

For a typical Linux setup using TightVNC, follow these steps:

  1. Install the TightVNC server:
sudo apt install tightvncserver
  1. Start the VNC server and set your password:
vncserver :1
  1. Configure the server to use port 5900:
echo "geometry=1024x768" >> ~/.vnc/xstartup
  1. Stop and restart the server to apply changes:
vncserver -kill :1 && vncserver :1

Windows Configuration

For Windows users with RealVNC, the configuration process is straightforward:

  1. Download and install RealVNC Server.
  2. Open the VNC Server application and navigate to the Options menu.
  3. Under the Connections tab, ensure that the port is set to 5900.
  4. Set a strong password in the Authentication section.

After these configurations, ensure to test the connection from a VNC viewer using:

vncviewer :5900

By following these steps, you can successfully establish a secure and functional VNC remote desktop connection over port 5900.

Learn more

Sources

Frequently Asked Questions

Is port 5900 open by default?

No, modern cloud providers (AWS, Google Cloud, Yandex) close all incoming ports by default. You must explicitly allow port 5900 in a Security Group or firewall.

How to check if port 5900 is reachable?

Use <a href="/en/ping">Enterno Ping + Port Checker</a>. Or in shell: <code>nc -vz example.com 5900</code>.

Is port 5900 safe to expose?

Depends on the service. VNC Remote Desktop should never be exposed publicly without authentication + TLS. See <a href="/en/s/research-open-ports-exposure-2026">our 2026 exposure research</a>.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.